Propagation

Setting Up Propagation

 

 

 

# mkpropcf

 

 

 

This creates the kpropd.ini file, which defines your propagation

 

 

 

hierarchy.

 

 

 

If you do not want to use the default hierarchy structure (a two-tier

NOTE

 

 

 

 

 

system) you must edit the kpropd.ini file to contain your preferred

 

 

 

hierarchy. Refer to “kpropd.ini” on page 217, for more details on this

 

 

 

file.

 

 

4.

Copy the kpropd.ini file to the secondary server.

 

 

 

 

5.

If you have configured a multi-tiered hierarchy; that is, you have

 

 

 

secondary servers that act as propagation parent servers, copy the

 

 

 

primary server’s configuration file to each secondary server.

Step

2.

On the Primary Server, add the admin principal and extract the service

 

 

key

 

 

 

1.

Add the admin principal on the primary server, using the following

 

 

 

command:

 

 

 

# /opt/krb5/admin/kadminl -R <admin/principal name>

 

 

 

<passwd>

 

 

2.

Extract the propagation principal on the primary server, using the

 

 

 

command given below. By default, host/fqdn@REALM is added.

 

 

 

# /opt/krb5/admin/kadminl -R ext <service principal

 

 

 

name>

Step

3.

Kill all the running daemons on the primary server and start the kdcd

 

 

and kadmind daemons

 

 

1.

Kill the daemons on the primary server, using the following

 

 

 

command:

 

 

 

# /sbin/init.d/krbsrv stop

 

 

2.

Restart the kdcd and kadmind daemons, using the following

 

 

 

command:

# /sbin/init.d/krbsrv start

226

Chapter 7

Page 226
Image 226
HP UX Kerberos Data Security Software manual 226